WPA (Wi-Fi Protected Access)
WPA (Wi-Fi Protected Access) is an interim standard from the Wi-Fi Alliance, created to comply with the security protocol designed for wireless networks. WPA will most likely be rolled into an eventual IEEE 802.11i standard. It was developed in response to the numerous severe flaws researchers had discovered in the preceding wireless security system, Wired Equivalent Privacy (WEP).
WPA (Wi-Fi Protected Access) Modes of Operation
WPA (Wi-Fi Protected Access) features two very different modes of operation:
| WPA Enterprise Mode | WPA PSK (Pre-Shared Key) Mode |
|---|---|
| Requires an authentication server | Does not require an authentication server |
| Uses RADIUS protocols for authentication and key distribution | Shared secret is used for authentication |
| Centralizes management of user credentials | Device-oriented management of user credentials |
The PSK (Pre-Shared Key) Mode of WPA is vulnerable to the same risks as any other shared password system, such as dictionary attacks. PSK Mode also suffers from the same key management difficulties as any system where the key is shared among multiple users, such as the difficulties in removing a user once access has been granted.
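
As an added illustration (not part of the original article): in PSK mode the 256-bit key is derived deterministically from the passphrase and the network name (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), so a guessable passphrase yields a guessable key. The Python below audits a candidate passphrase before it is deployed; the wordlist, the 20-character threshold and the function names are assumptions made for this example.

```python
import hashlib

# Constructed sample list; a real audit would load a large common-password wordlist.
WEAK_PASSPHRASES = {"password", "12345678", "qwertyuiop", "letmein123", "wireless1"}

# Assumed policy threshold for this example: shorter passphrases are flagged.
MIN_RECOMMENDED_LENGTH = 20


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK passphrase-to-key mapping.

    The only inputs are the passphrase and the SSID, so anyone who knows the
    SSID can compute the key for every candidate passphrase in a wordlist.
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str, ssid: str) -> list:
    """Return a list of findings; an empty list means no issue was detected."""
    # WPA passphrases must be 8 to 63 printable ASCII characters.
    if not 8 <= len(passphrase) <= 63 or not all(32 <= ord(c) <= 126 for c in passphrase):
        return ["invalid: must be 8-63 printable ASCII characters"]

    findings = []
    lowered = passphrase.lower()
    if lowered in WEAK_PASSPHRASES:
        findings.append("weak: appears in common-password list")
    if ssid and ssid.lower() in lowered:
        findings.append("weak: contains the network name")
    if len(passphrase) < MIN_RECOMMENDED_LENGTH:
        findings.append("short: under %d characters" % MIN_RECOMMENDED_LENGTH)
    return findings


if __name__ == "__main__":
    # Constructed candidates for a hypothetical network named "HomeNet".
    for candidate in ("password", "HomeNet2024!", "correct horse battery staple 42"):
        print(repr(candidate), "->", audit_passphrase(candidate, "HomeNet") or "ok")
    # The same passphrase on two SSIDs gives different keys (the SSID is the salt).
    print(derive_pmk("password", "HomeNet").hex())
    print(derive_pmk("password", "OtherNet").hex())
```
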

The Enterprise Mode of WPA benefits from the maturity of the RADIUS architecture — but it requires a RADIUS server. This is not something that will benefit most home users.
Security Enhancements in WPA (Wi-Fi Protected Access)
WPA provides additional security by:
- Requiring authentication using 802.1X
- Requiring re-keying using TKIP
- Augmenting the ICV (Integrity Check Value) with a MIC (Message Integrity Check), to protect the header as well as the payload
- Implementing a frame counter to discourage replay attacks
WPA2
In addition to WPA, some vendors also implement WPA2, which allows the use of AES instead of RC4. WPA2 requires testing and certification by the Wi-Fi Alliance, and it implements the mandatory elements of 802.11i. Its principal addition is a new AES-based algorithm, CCMP, which is believed to be totally secure.




